Smishing is a fast-growing version of one of the internet’s oldest and most successful scams. Like any other type of phishing, smishing aims to trick you into handing over sensitive data and information — only instead of using email, cyber criminals send their messages via text or short message service (SMS). Smish attempts are typically sent to mobile phone users as standard texts, but they can also be sent via popular messaging apps.
Smishing is a form of social engineering, where scammers exploit emotions like fear, sympathy, curiosity or greed to get individuals to divulge personal or business information. They do this by sending fraudulent texts to your phone or other mobile device, purporting to be from a trustworthy source, such as a delivery service, utility company, bank or government agency. The information they seek could include usernames, passwords, credit card numbers, bank account numbers, vendor names or other proprietary data. Cyber criminals then sell that data on the black market or use it to commit identity theft, empty bank accounts or redirect payments to themselves.